Your Kernel does not have anything to do with IP masquerading. A lot of people get it twisted, IP spoofing is a complex topic. The way it works is you have to send raw packets and change the source IP in the header by yourself. but of course, when you change the source IP you will not recieve the syn/ack packets so you won't know if the remote computer has accepted your connection. it's really jus shooting in the dark but it does not have anything to do with ur kernel. as long as raw sockets are supported (any OS except the older Windows and Mac OS 9 and below I think) you're in good shape.